VLAN division on the Intranet

There are four ways to divide VLANs:

1. VLAN division by port

Many VLAN manufacturers use the ports of vswitches to divide VLAN members. The configured ports are all in the same broadcast domain. For example, Ports 1, 2, 3, 4, and 5 of A vswitch are defined as virtual network AAA. Ports 6, 7, and 8 of the same vswitch form the virtual network BBB. In this way, communication between ports is allowed and shared network upgrades are allowed. However, this division mode limits the virtual network to one vswitch.

The second-generation port VLAN technology allows VLAN division across multiple different ports of multiple switches. Several ports on different switches can form the same virtual network.

Vswitch ports are used to divide Network members. The configuration process is simple and clear. Therefore, from the current perspective, this method of VLAN division based on ports is still the most commonly used method.

2. VLAN division based on MAC addresses

VLAN division is based on the MAC address of each host, that is, the group of hosts with each MAC address is configured. The biggest advantage of this VLAN division method is that when a user moves from a switch to another switch, the VLAN does not need to be reconfigured, it can be considered that this method is based on the user's VLAN according to the MAC address. The disadvantage of this method is that all users must perform configuration during initialization, configuration is very tiring if there are hundreds or even thousands of users. In addition, this division method also reduces the efficiency of the switch, because each switch port may have many members of VLAN groups, so that broadcast packets cannot be restricted. In addition, for users who use laptops, their network cards may be changed frequently, so that the VLAN must be configured continuously.

3. VLAN division by Network Layer

This VLAN division method is based on the network layer address or protocol type of each host (if multiple protocols are supported), although this division method is based on network addresses, such as IP addresses, but it is not a route, and it has nothing to do with the routing at the network layer.

The advantage is that the user's physical location has changed, and there is no need to reconfigure the corresponding VLAN, and VLAN can be divided according to the protocol type, which is very important for network managers, this method does not require additional frame tags to identify VLANs, which can reduce network traffic. Its disadvantage is its low efficiency because it takes processing time to check the network layer address of each packet (compared with the previous two methods ), generally, the switch chip can automatically check the Ethernet frame header of the packets on the network. However, to enable the chip to check the IP frame header, a higher technology is required and time-consuming. Of course, this is related to the implementation methods of various vendors.

4. VLAN division based on IP Multicast

IP multicast is actually a VLAN definition, that is, a multicast group is a VLAN. This division expands the VLAN to the WAN, so this method has more flexibility, it is also easy to expand through the router. Of course, this method is not suitable for LAN, mainly because of low efficiency.

VLAN Standard

We only introduce two general standards for VLAN standards. Of course, some companies have their own standards, such as Cisco's ISL standards. Although they are not popular standards, however, due to the extensive use of Cisco Catalyst switches, ISL has become a non-standard.

802.10 VLAN Standard

In, Cisco promoted the use of the Protocol. Previously, was used as the same specification for VLAN security globally. Cisco attempted to transmit the required VLAN tags in the FramTagging mode over the network in the optimized 802.10 frame format. However, most members of the 802 committee opposed the promotion of 802.10. Because the Protocol is based on the FrameTagging method.

802.1Q

On October 16, March 1996, The 802.1internetworking Committee ended the revision of the initial VLAN standard. The new standards further improve the VLAN architecture, unify the tag formats of different vendors in the Fram-eTagging mode, and develop the development direction of VLAN standards in the future, the 802.1Q standard has been widely promoted in the industry. It has become a milestone in VLAN history. The emergence of 802.1Q breaks the deadlock that the virtual network depends on a single vendor, and promotes the rapid development of VLAN from one side. In addition, the pressure from the market allows major network vendors to immediately integrate new standards into their respective products.

The following describes an instance of a VLAN:

An IT company has an existing administrative department, Technical Department, and marketing department. VLAN Division: the administration department VLAN10, the technology department VLAN20, and the marketing department VLAN30. Each department can communicate with each other.

The current device is a Cisco 3640 router, one Cisco Catalyst 2924 switch, and several secondary switches.

The code in the vswitch configuration file is as follows:

...... ! Interface vlan10 Ip address 192.168.0.1 ! Interface vlan20 Ip address 192.168.1.1 ! Interface vlan30 Ip address 192.168.2.1 ! ...... The code in the vro configuration file is as follows: ...... Interface FastEthernet 1/0. 1 Encapsulation isl 10 Ip address 192.168.0.2 ! Interface FastEthernet 1/0. 2 Encapsulation isl 20 Ip address 192.168.1.2 ! Interface FastEthernet 1/0. 3 Encapsulation isl 30 Ip address 192.168.2.2 ! ...... ! Router rip Network 192.168.0.0 !

Related Articles]

• How to divide VLANs in the company
  

• Four VLAN policies
  

• How to configure VLAN Division on a vswitch